As the threat of cyberattacks continues to grow, government officials are asking what individuals and businesses can do to protect themselves.

“We are starting this conversation of when it is time to go on the offensive as it relates to cybersecurity,” said Rep. Tom Graves (R-Ga. 14). “This creates a lot of policy, ethics and privacy questions.”

Graves and Rep. Kyrsten Sinema (D-Ariz. 9) heard some answers to those questions during a panel discussion they held at Georgia Tech Monday. The bipartisan event examined how public policy can help people and companies go on the offense to defeat and unmask cyber attackers.

In March, Graves put forth a discussion draft of a bill to allow the use of limited defensive measures to identify and stop attackers. While cyber policy discussions are taking place in Washington, Graves said they wanted to hear from others.

“Quite frankly we’re not satisfied with the direction of where policy has gone as it relates to cybersecurity,” he said.

Monday’s panel allowed for a robust discussion on cybersecurity from a policy perspective, an academic perspective and the private sector perspective.

In addition to Graves and Sinema, the other panelists were:

John Lens, a vice president for the Network and Security Business Unit at VMware.

Stephen Pair, co-founder and CEO of BitPay.

Peter Swire, the Huang Professor of Law and Ethics in the Scheller College of Business.

Candace Worley, chief technical strategist for McAfee.

Georgia Tech is a place “where government, industry and universities can come together to talk about some very, very challenging problems in the world,” said Stephen E. Cross, the Institute’s executive vice president for research.

The Institute has been developing cybersecurity solutions for more than 20 years. Tech houses nearly a dozen labs and centers dedicated to cybersecurity, and has more than 450 scientists, faculty and students involved with this research.

Georgia Tech is also home to the Advanced Technology Development Center (ATDC), the state’s technology incubator. ATDC is currently incubating seven companies in the cybersecurity space and assisting 33 entrepreneurs and early-stage startups statewide with entrepreneurial education in cybersecurity.

The program is designed to prepare leaders in the field with the knowledge and skills to manage complex safety and health programs.

“This Professional Master’s degree in Occupational Safety and Health reflects how close we and the School of Building Construction faculty are to the building industry, and how as academics, we can address the needs of builders and building managers,” said Georgia Tech College of Design Dean and John Portman Chair, Steven P. French. “The same changes in technology that have impacted how architects and engineers design buildings are also affecting how construction safety specialists do their jobs. It’s exciting to lead the state in creating safer environments for people who work in the spaces we design.”

The professional master’s program was developed in response to a growing need in the state for a highly qualified workforce in the occupational safety and health (OS&H) field. According to the Georgia Department of Labor, employment for OS&H specialists is projected to grow 7.3 percent from 2012 to 2022, and only 18 percent of safety related professionals have a master’s degree. In 2013 alone, 2,753 positions in this field required a master’s degree, an increase of 60 percent since 2010.

“As the professional education division of Georgia Tech, we have the expertise and learning technologies to design and deliver educational programs to respond to specific workforce challenges,” said Nelson Baker, dean, Georgia Tech Professional Education. “This degree answers the need for advanced education in this field. It will contribute to improved safety and competitive advantage for state companies, and will be an asset for the state of Georgia.”

PMOSH is an academically rigorous degree featuring faculty experts from the College of Design’s School of Building Construction as well as leading industry professionals from GTRI, where the Georgia Tech OSHA Training Institute Education Center was established in 1992. “The OSHA Training Institute Education Center has made a lasting impact on practitioners of safety and health programs in the southeastern United States,” said Joe Brooks, deputy director, Georgia Tech Research Institute. “This new Professional Master’s in Occupational Safety and Health program will provide leaders in the occupational safety and health field with a deep technical background and strong applications practice, helping to drive state and national growth.”

Geared to working professionals in manufacturing, process, construction and related industries, the program aims to prepare safety specialists for positions of leadership in the OS&H field. PMOSH features a management component that addresses leadership and communication as well as business aspects of OS&H management in addition to fundamentals of OS&H and related standards, and technology and its implementation to support OS&H.

The program incorporates case studies and practical projects that require learners to solve real-world problems in this field. Delivery of PMOSH includes online instruction and one-week, on-campus sessions three times during the two-year program, which begins in the 2017 academic year.

Georgia Tech Professional Education, an academic division of the Georgia Institute of Technology, offers professional development courses, certificate programs, online master’s and professional master’s degrees in a variety of formats to meet the needs of working professionals and industry partners in STEM and business fields worldwide. We educate over 22,000 individual learners representing close to 3,000 companies annually.

About Georgia Tech College of Design

Georgia Tech’s College of Design takes a research-driven approach to what is clearly an art at traditional design schools. We think it’s important to understand how technology enables better design, and how to fuse that technology into buildings, products, lifestyles, cities, regions, and even healthcare. Our design is a particularly creative approach to solving real-world problems.

About Georgia Tech Research Institute

The Georgia Tech Research Institute solves complex problems through innovative and customer-focused research and education. Established in 1934, GTRI is Georgia Tech’s non-profit, applied research arm with more than 2,000 staff, 15 locations, eight laboratories and annual contract awards exceeding $350 million.

“Liberate the data.”

That was a principal design goal for a team of public-private health care technology collaborators established by the U.S. Department of Veterans Affairs and Veterans Health Administration to develop a working and scalable proof-of-concept digital health platform (DHP) to support the department’s long-term vision.

The open-source project demonstrated both proven and emerging technologies for interoperability and advanced functionality innovations from both the public and private sectors. The proof-of-concept delivers capabilities that VA and VHA leadership had identified as strategically important to support clinical and operational policy and program transformation plans needed to address expected changes in veteran populations, service needs and care delivery models.

For example, the demonstration included the capability to obtain patient data from disparate military and commercial electronic records systems, and accept information from a broad range of ancillary services and consumer medical devices.

The public-private collaboration, established in partnership with the VA’s Office of Information and Technology, included the VHA, Office of the National Coordinator for Health Information Technology (ONC), the Georgia Institute of Technology and private-sector companies providing services in analytics, customer relationship management, and application program interfaces. Georgia Tech served as the project’s lead architect and provided overall project management.

“If you can liberate the data from deep inside a system and securely move it to the cloud and manage its movement through well-designed application programming interfaces (APIs), that gives you a lot of options for reorganizing work flows and processes,” said Steve Rushing, senior strategic adviser in Georgia Tech’s Health Extension Services. “We are doing for health care what has already been done for other industries that have used interoperability standards as the foundation for APIs to exchange information among different systems.”

The team – including partner organizations Salesforce (CRM), MuleSoft (API gateway), Apervita (real-time analytics) and UCB (portfolio of predictive analytics solutions for epilepsy) – conducted its first demonstration just six weeks after the contract with the VA was signed. Using Fast Healthcare Interoperability Resources (FHIR), a standard describing health data formats and elements, and a REST API transport protocol, the team built an API gateway surrounding VistA and Georgia Tech’s testing and teaching electronic health record system, known as GTonFHIR. The project used anonymous patient data.

The overall project created 21 system APIs, which control how specific types of data flow into and out of the DHP. This included data exchanges with the Cerner EHR (representing the Department of Defense and a community hospital), Duke University Medical Center (Epic) as an academic medical provider, DocSnap personal health record (connecting to a Navy medicine pilot project), and personal health monitoring devices via Apple HealthKit and Validic.

Results of the proof-of-concept collaboration point to better experiences for veterans, said LaVerne Council, who was the VA’s chief information officer at the time the project was conducted.

“The DHP leverages the power of public-private partnerships,” she said. “We brought together some of the brightest engineers and health informaticists from some of the most innovative companies and assembled them at Georgia Tech. There, over a period of eight weeks, we established an API gateway, the cornerstone of the digital health platform, consisting of 21 APIs that connected to three different EHR systems including our own, VistA, a class leading customer relationship management system, Georgia Tech’s Fast Healthcare Interoperability Resources (FHIR) server, and a real time analytics system. We also developed a veteran-facing mobile app. We integrated low-cost, high-quality video communication into the fabric of the veteran experience, and we integrated internet-connected health devices that track activities and vitals including blood pressure, weight and blood glucose.”

Because the architecture is not tied to any proprietary system, the proof-of-concept accommodates future developments by connecting to and from other web services, apps, devices or electronic health systems that use the FHIR or other accepted industry open standards, Rushing said. Also, by keeping much of the original VistA system accessible via the API gateway, the strategy protects the investment in and could accelerate the deployment of the agency’s existing health information technology innovations across the VHA system during the period of full DHP component acquisition and deployment, he explained.

“In electronic health records, like almost any other major enterprise application, about 60 percent of the code is tied to routine workflow needed on a day-to-day basis. Changing these doesn’t add strategic value because the new programming will look much like the old,” Rushing said. “The important strategic implementation is done at the edges of the system, and that’s where the VA wanted us to focus our interoperability engineering and demonstrate the power of liberating the data. By using an architecture that is API-driven, we addressed the interoperability requirement, kept what works and added new VHA-created and private industry innovations where needed.”

Among the innovations is an analytics layer. By studying the health records of service members transitioning from active duty to veteran status, the analytics layer makes recommendations about care, such as enrollment in specialized services for veterans suffering from traumatic brain injury (TBI).

“This is basically doing the same thing – with a different intent – that happens every time you sign into Facebook or Amazon,” said Rushing. “The system learns about you from your records to help health professionals precisely meet your personal needs. Rather than wait until a veteran has a seizure because of a service-related injury, the system would use the analytics to recommend a protocol for proactively managing the problem.”

As an independent third party, Georgia Tech combined the best components from the VA/VHA and private sector companies, negotiated any differences and worked with private-sector staff in five different programming teams to meet the VA’s goals. “We just wanted the best services for veterans,” said Rushing. “That was our driving objective.”

The demonstration addressed the specific challenges of three groups of former service members: Iraq war veterans with traumatic brain injuries, women veterans who need gender-specific services not traditionally provided by the VA, and Vietnam-era veterans who are now suffering age-related illnesses such as diabetes and congestive heart failure. TBIs alone affect some 87,000 veterans.

The system was demonstrated to VA and VHA officials in September and October 2016, and the Georgia Tech team is now wrapping up the documentation for what has been done.

“The VA is looking for a flexible, future-focused health platform and architecture focused on a services-based model,” said Jon Duke, M.D., director of Georgia Tech’s Center for Health Analytics and Informatics. “They are taking a really ambitious approach to it, and this could have a tremendous impact on care for veterans as well as on health systems more broadly.”

The project illustrates the role Georgia Tech can play because it doesn’t have a medical school or hospital and isn’t tied to any specific technology platform.

“When we are working with health systems, we’re neither a competitor nor a vendor,” Duke noted. “We approach each problem from a ‘white hat’ perspective, working to find the right data and infrastructure needed, often using open-source platforms.”

The impetus for the project was VHA strategic planning, started in the spring of 2016, on developing a successor to VistA, which has served the agency for 40 years. The strategic planning scope was expanded beyond replacement of VistA as a single EHR application system to include best practices driving enterprise information technology modernization across other industries. This included the move to a platform of interoperable cloud-based application system components.

The envisioned architecture with its “liberated data” allows for clinical and operational functionality extensions over time by connecting a robust portfolio of interoperable web services and mobile app innovations. By building out this architecture, the project demonstrated that these services and apps could be acquired and deployed in alignment with VA and VHA technology needs for systematically transforming clinical and operations work flows.

The proof-of-concept’s scope of work included a tactically critical goal: treating VistA as just another EHR. The intent was for DHP to not only be agnostic regarding commercial EHRs, but agnostic toward VistA as well. This was achieved by moving VistA data and core modules to the cloud and leveraging existing successful VA initiatives to build open-source interoperable API gateway connections, such as the Enterprise Health Management Platform (eHMP).

The independence from commercial EHRs and VistA showed that VA investments in VistA modernization and VHA investments in industry leading healthcare information technologies, such as telemedicine and home monitoring, could move forward within the DHP deployment cycle and not wait for full deployment, Rushing said.

The Georgia Institute of Technology has been awarded a $17.3 million cyber security research contract to help establish new science around the ability to quickly, objectively and positively identify the virtual actors responsible for cyberattacks, a technique known as “attribution.”

While the tools and techniques to be developed during the four-and-a-half year effort won’t point directly to the individuals responsible, the initiative will provide proof of involvement by specific groups, identifiable by their methods of attack, consistent errors and other unique characteristics. Such attribution could support potential sanctions and policy decisions – and discourage attacks by providing transparency for activities that are normally hidden.

The research, sponsored by the U.S. Department of Defense, will be led by researchers at the Georgia Institute of Technology, in collaboration with other academic institutions and companies. The project is expected to create an attribution framework dubbed Rhamnousia – in Greek mythology, the goddess of Rhamnous and the spirit of divine retribution.

“We should know who our friends are and who our enemies are in the cyber domain,” said Manos Antonakakis, an assistant professor in Georgia Tech’s School of Electrical and Computer Engineering and the project’s principal investigator. “We owe it to the people of this country to objectively reason about the actors attacking systems, stealing intellectual property and tampering with our data. We want to take away the potential deniability that these attack groups now have.”

Attributing attacks to specific groups or individuals can be partially achieved today, but it is largely a manual process that requires highly skilled investigators and weeks or months to complete. Rhamnousia will accelerate that process and provide both scientific reasoning and hard evidence about the guilty parties.

“We have a limited number of people working in cybersecurity and attacks occur every day, so we need to be able to optimize the forensic analysis that would lead to attribution,” Antonakakis said. “In this project, we will use machine learning and algorithms to scale up the attribution process to help companies and the government protect against those bad actors. We will provide a systematic and scientific way to deal with the attacks.”

Michael Farrell, chief scientist of the Cyber Technology and Information Security Laboratory at the Georgia Tech Research Institute (GTRI), is familiar with the issues the U.S. government faces due to an inability to identify those who are attacking U.S. interests in cyberspace. “Deterrence is virtually impossible if you’re unable to identify the adversary,” he noted. “Attribution is the linchpin for deterrence in cyberspace, and the U.S. government is in need of a repeatable and releasable way forward.”

Farrell also serves as the associate director of the Institute for Information Security & Privacy (IISP), and coordinates Georgia Tech’s broad interests in attribution across campus. “There is a policy and strategy component to attribution that is deeply intertwined with the technical solution,” he added. “Georgia Tech is well positioned to engage the broad spectrum of constituents who have an important role to play in this space: industry, academia, government, technology, policy, practitioners and decision-makers.”

The new research effort will use data science and engineering techniques to sift through existing and new data sets to find relevant information.

“Using a variety of data sets and analytical techniques, we can distill the information that will be useful to identifying the virtual cyber actors,” Antonakakis said. “These bad actors have to use the network and computer systems, and they have to interact with sources. They are leaving crumbs behind, and we can leverage those.”

Rapid identification is important to companies and government organizations because the motives of the intruders suggest the kind of information they are seeking, the damage they can do and what the victims may use to stop the attack and minimize impacts.

“For a business, it’s very important to know whether you are being targeted by a commodity-type threat, a run-of-the-mill threat, or if you are being targeted by a specific group that may have ties to a government or to a competitor,” Antonakakis said. “The type of threat would affect business decisions.”

Ultimately, the researchers hope to combine intrusion detection with attribution, allowing a quicker response – and helping victims cut off attackers more quickly.

From a technology standpoint, the project’s goals include development of three specific areas:

Efficient algorithmic attribution methods able to convert the research team’s experience with manual attack attribution to novel, tensor-based learning methods. The algorithms will allow expansion of existing efforts to create a science of attribution and traceback;

Actionable attribution, in which the application of the algorithms will produce attribution reports to be shared with the attribution community;

Historic public attack datasets brought together into a single distributed environment.

At Georgia Tech, the project will tap the expertise of researchers from the School of Electrical and Computer Engineering, College of Computing and GTRI. In addition to Antonakakis, the research team will include Dave Dagon, Doug Blough and Raheem Beyah from the School of Electrical and Computer Engineering and Mustaque Ahamad from the College of Computing.

Georgia Tech researchers have been involved in attribution research in support of cybersecurity efforts for many years. Researchers helped organize the Mariposa Working Group that helped identify the organizers of the Mariposa botnet.

“Historically, attribution has been done primarily for law enforcement so they could put people behind bars and use that as a deterrent for others who might engage in these activities,” said Antonakakis. “We want to make sure that the people doing these attacks know that there is a very good chance that they will get caught and publicly attributed.”

The Institute for Information Security & Privacy (IISP) at Georgia Tech connects government, industry, and academia to solve the grand challenges of cybersecurity. As a coordinating body for nine information security labs dedicated to academic and solution-oriented applied research, the IISP leverages intellectual capital from across Georgia Tech and its external partners to address vital solutions for national security, economic continuity and individual safety.

Endgame, a 2010 graduate of the Advanced Technology Development Center’s Signature program and a leading endpoint security platform for closing the protection gap against advanced attackers, announced it has won an $18.8 million contract with the U.S. Air Force to safeguard networks for its elite Cyber Protection Teams.

ATDC is Georgia Tech’s incubator that provides coaching, connections, and a community to foster the development of technology startups in Georgia.

Endgame first deployed its platform to the Air Force in December 2015 to automate the hunt against global attackers. As part of the current agreement, the Air Force will receive Endgame’s endpoint detection and response (EDR) platform to prevent, detect, and hunt for advanced threats to protect critical infrastructure.

“The Air Force is the gold standard for cybersecurity innovation in the United States, and the extension of our partnership proves that the Endgame platform provides significant value for their security teams,” said Nate Fick, CEO of Endgame. “As attacks become more polymorphic, Endgame’s unique ability to anticipate never-before-seen adversary techniques will help the Air Force better prevent, detect, and hunt attackers before they cause damage or loss.”

Today’s attacks are growing increasingly sophisticated, and despite an estimated $75 billion per year spent on security, attackers dwell undetected in networks for an average of 146 days – exposing organizations to massive theft and business disruption. Unfortunately, most security teams are forced to wait for prior threat intelligence – known as indicators of compromise (IOCs) or signatures – to determine whether their systems are infected. This strategy has failed; waiting and searching for known threats leaves organizations vulnerable for too long and leaves them unable to protect themselves and their critical assets.

Endgame’s EDR platform detects attacks at their earliest stage without prior threat intelligence. Endgame developed its methodology by working with organizations running the largest cyber-operations in the world, including the U.S. Department of Defense and intelligence community.